zadoke

Remove virus

Every time I open an Internet Explorer window to browse the internet, several windows from other sites open, one at a time, with advertising. I have already scanned with HijackThis. I'm asking for help because I have already run CCleaner and the antivirus and nothing... here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 19:57:03, on 29-12-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\Programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\MYSECR~1\MSFMON.exe

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\USB Disk Win98 Driver\Res.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\MESSEN~1\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\LVComS.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\winlogon.exe

C:\Programas\WinRAR\WinRAR.exe

C:\Documents and Settings\Nuno Santos\Os meus documentos\*****\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar3.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYPT

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9908C95D-6DCB-47D4-821F-1C9DC2B09AA9}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe


From what I understood, you are having problems with pop-ups, annoying advertising windows that appear on sites. It's not a virus, but don't click on any of them. Do the following: check whether your pop-up blocker is enabled. Look through the Explorer menus to see this.

I hope I've helped. Regards


I have the pop-up blocker turned on, and the windows keep opening, even without browsing, with just one page open. I find it strange because this has never happened to me as long as I've had pop-up windows blocked. :(

Thanks, regards


Do they open together with IE or as you visit sites?


They open with IE, and others while browsing :confused:


Download ComboFix;

Close all open windows and run the ComboFix tool.

Type the option to continue and press <ENTER>.

Do not open or close any program until the scan finishes. Wait patiently...

- If necessary, the program will restart your computer. Restart in normal mode...

Send the ComboFix log, which is at C:\ComboFix.txt

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Download show-vundo

Run show-vundo.vbs. Copy and paste the contents of the result, which you will find in C:\vundo-bho.txt, into your next reply.


Thanks for the help, here is the ComboFix log:

ComboFix 08-01-03.1 - Nuno Santos 2008-01-02 18:56:18.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.197 [GMT 0:00]

Executando de: C:\Documents and Settings\Nuno Santos\Os meus documentos\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Nuno Santos\Application Data\inst.exe

C:\Programas\FunWebProducts

C:\Programas\FunWebProducts\ScreenSaver\Images\00D256FC.urr

C:\Programas\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Programas\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Programas\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Programas\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\WINDOWS\system32\f3PSSavr.scr

.

((((((((((((((((((((((( Ficheiros criados de 2007-12-03 to 2008-01-03 ))))))))))))))))))))))))))))))))

.

2008-01-02 18:55 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-01 15:58 . 2008-01-01 16:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2008-01-01 15:58 . 2008-01-01 16:13 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-01 15:58 . 2008-01-01 16:13 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-01-01 15:58 . 2008-01-01 16:13 1,406 --a------ C:\WINDOWS\system32\Help.ico

2007-12-26 14:42 . 2007-12-26 14:43 <DIR> d-------- C:\twint

2007-12-26 00:44 . 2007-12-26 00:44 <DIR> d-------- C:\Programas\Avira

2007-12-26 00:44 . 2007-12-26 00:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-12-26 00:02 . 2007-12-26 00:02 <DIR> d-------- C:\Programas\Vga math dent

2007-12-25 01:24 . 2007-12-25 22:24 <DIR> d-------- C:\Programas\MTVVideoConverter_v1.11.6

2007-12-24 00:37 . 2007-12-24 00:37 <DIR> d-------- C:\Programas\Alwil Software

2007-12-23 23:13 . 2007-12-26 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave

2007-12-23 23:12 . 2007-12-28 22:10 <DIR> d-------- C:\Programas\Circle Developement

2007-12-22 01:23 . 2007-12-22 01:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2007-12-22 01:23 . 2007-12-22 01:23 1,409 --a------ C:\WINDOWS\QTFont.for

2007-12-22 00:35 . 2007-12-25 01:19 <DIR> d-------- C:\Programas\USB Disk Win98 Driver

2007-12-13 22:43 . 2007-12-13 22:43 <DIR> d-------- C:\Temp

2007-12-12 23:02 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2007-12-12 23:02 . 2007-07-01 03:36 1,036,288 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2007-12-12 23:01 . 2007-12-12 23:04 <DIR> d-------- C:\WINDOWS\system32\pt-pt

2007-12-09 13:19 . 2007-12-23 12:28 <DIR> d-------- C:\Programas\Windows Media Connect 2

2007-12-09 13:16 . 2007-12-23 12:28 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-02 18:39 --------- d-----w C:\Documents and Settings\Nuno Santos\Application Data\Vga math dent

2007-12-26 14:36 --------- d-----w C:\Programas\Yahoo!

2007-12-25 20:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-12-24 23:59 --------- d-----w C:\Documents and Settings\Administrador\Application Data\MEGAUPLOADTOOLBAR

2007-12-23 23:12 --------- d-----w C:\Programas\Messenger Plus! Live

2007-12-22 00:35 --------- d--h--w C:\Programas\InstallShield Installation Information

2007-12-03 23:29 --------- d-----w C:\Documents and Settings\Nuno Santos\Application Data\Skype

2007-11-30 23:43 --------- d-----w C:\Programas\SAPO Messenger

2007-11-30 13:31 --------- d-----w C:\Documents and Settings\Noélia\Application Data\Skype

2007-11-25 21:26 --------- d-----w C:\Programas\Java

2007-11-17 00:27 --------- d-----w C:\Documents and Settings\rafael\Application Data\MEGAUPLOADTOOLBAR

2007-11-17 00:26 --------- d-----w C:\Programas\MSN Messenger

2007-11-17 00:26 --------- d-----w C:\Documents and Settings\rafael\Application Data\Skype

2007-11-17 00:26 --------- d-----w C:\Documents and Settings\Convidado\Application Data\MEGAUPLOADTOOLBAR

2007-11-11 01:07 --------- d-----w C:\Documents and Settings\Nuno Santos\Application Data\SapoMessenger4

2007-11-07 19:36 --------- d-----w C:\Documents and Settings\rafael\Application Data\Teleca

2007-10-11 06:13 662,528 ----a-w C:\WINDOWS\system32\wininet(3).dll

2007-10-11 06:13 616,960 ----a-w C:\WINDOWS\system32\urlmon(3).dll

2007-08-20 16:15 47,360 ----a-w C:\Documents and Settings\Nuno Santos\Application Data\pcouffin.sys

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 03:00 98304]

"MsnMsgr"="~C:\Programas\MSN Messenger\MsnMsgr.exe" [ ]

"MSMSGS"="C:\PROGRA~1\MESSEN~1\msmsgs.exe" [2004-10-13 16:24 1694208]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-21 12:00 15360]

"Mapiway"="C:\DOCUME~1\NUNOSA~1\APPLIC~1\VGAMAT~1\drv base bleh.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.exe" [2004-04-09 03:00 98304]

"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-06-30 15:56 2376928]

"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 10:15 106496]

"QuickTime Task"="C:\Programas\QuickTime\qttask.exe" [2006-09-24 02:24 282624]

"MSF_Monitor"="C:\PROGRA~1\MYSECR~1\MSFMON.exe" [2006-04-21 23:00 94208]

"LogitechVideoTray"="C:\Programas\Logitech\Video\LogiTray.exe" [2004-02-12 15:59 77824]

"LogitechVideoRepair"="C:\Programas\Logitech\Video\ISStart.exe" [2004-02-12 15:57 188416]

"Adobe Photo Downloader"="C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2007-06-12 16:31 57344]

"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-10 15:26 406016]

"TkBellExe"="C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2007-05-27 20:42 180269]

"Adobe Reader Speed Launcher"="C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"USB Storage Toolbox"="C:\Programas\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]

"Bat Wave Base Dale"="C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe" [2008-01-02 18:39 865280]

"avgnt"="C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-26 00:45 249896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-09-21 12:00 137216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-21 12:00 15360]

R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys [2004-05-25 01:36]

R1 npapimon;npapimon;C:\WINDOWS\system32\drivers\npapimon.sys [2005-05-13 10:37]

R1 ssdiagn;ssdiagn;C:\WINDOWS\system32\drivers\ssdiagn.sys [2005-05-13 10:37]

R2 MSF32;MSF32;C:\Programas\MySecretFolder XP\MSF32.SYS [2006-04-21 23:00]

S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2007-09-19 19:58]

S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2007-09-19 19:58]

S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2007-09-19 19:58]

S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2007-09-19 19:58]

S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2007-09-19 19:58]

S3 usbscan;Controlador de scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]

S3 USBSTOR;Controlador de armazenamento de massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

*Newly Created Service* - PROCEXP90

.

Conteúdo da pasta 'Tarefas Agendadas'

"2008-01-03 19:00:00 C:\WINDOWS\Tasks\A94C2EC591DBACED.job"

- c:\docume~1\nunosa~1\applic~1\vgamat~1\BLAH você EGGS.exe

"2008-01-02 17:05:55 C:\WINDOWS\Tasks\Adobe Reader 8.job"

- C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader 8.lnk

"2008-01-01 20:19:00 C:\WINDOWS\Tasks\AM Capture.job"

- C:\PROGRA~1\Pinnacle\STUDIO~1\bin\amcap.exe

"2007-08-10 23:15:00 C:\WINDOWS\Tasks\lembrete.job"

- C:\Documents and Settings\Nuno Santos\Os meus documentos\lembrete.txt

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-03 19:00:33

Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

EPSON Stylus Photo RX420 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"????????????9~??U?????l???????T???#!#T????????????l???????????J?9~????????l????????????????c=~????????l???0 #T????????????????T?????????9~8tW???????????9~???????????????????????????????|????????8tW?????????????0 #T`c=~??9~-?:~T???????????????????????0????.??????D???????4????Y:~T???????????????P???????????????T????Y:~????P???????{S??????????????X?;~????P???????j?;~P???????8???????????`??

Procurando ficheiros ocultos ...

Varredura completada com sucesso

Ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-01-03 19:01:10

ComboFix-quarantined-files.txt 2008-01-03 19:00:54

.

2007-11-20 20:24:38 --- E O F ---

==========================================================

and the show-vundo:

=================================================

Relatório | BHOs, Winlogon Notify e AppInit_DLLs

=================================================

AppInit_DLLs

-------------------------------------------------

[Vazia]

-------------------------------------------------

Authentication Packages

-------------------------------------------------

[1] msv1_0

-------------------------------------------------

Security Providers

-------------------------------------------------

msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

-------------------------------------------------

Explorer Execute Hooks

-------------------------------------------------

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="shell32.dll"

-------------------------------------------------

Browser Helper Objects

-------------------------------------------------

[HKLM\SOFTWARE\Classes\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\]

Adobe PDF Reader Link Helper | [indefinido]

C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKLM\SOFTWARE\Classes\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}\]

[indefinido] | [indefinido]

[indefinido]

[HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\]

Megaupload Toolbar | [indefinido]

C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

[HKLM\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\]

SSVHelper Class | [indefinido]

C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

[HKLM\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\]

[indefinido] | [indefinido]

[indefinido]

[HKLM\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\]

Google Toolbar Helper | [indefinido]

c:\programas\google\googletoolbar3.dll

[HKLM\SOFTWARE\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\]

EpsonToolBandKicker Class | [indefinido]

C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

-------------------------------------------------

Winlogon Notify

-------------------------------------------------

[Padrão] crypt32chain : crypt32.dll

[Padrão] cryptnet : cryptnet.dll

[Padrão] cscdll : cscdll.dll

[Padrão] ScCertProp : wlnotify.dll

[Padrão] Schedule : wlnotify.dll

[Padrão] sclgntfy : sclgntfy.dll

[Padrão] SensLogn : WlNotify.dll

[Padrão] termsrv : wlnotify.dll

[Nova] WgaLogon : wlnotify.dll

[Padrão] wlballoon : wlnotify.dll

Esta NÃO É uma lista de arquivos maliciosos!


Logfile of HijackThis v1.99.1

Scan saved at 22:25:54, on 03-01-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\Programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\MYSECR~1\MSFMON.exe

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\USB Disk Win98 Driver\Res.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\MESSEN~1\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Programas\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Nuno Santos\Os meus documentos\*****\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar3.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYPT

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9908C95D-6DCB-47D4-821F-1C9DC2B09AA9}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe


Download Killbox, unzip it and run it.

- Check the Delete on Reboot option.

- Now copy the files below:

(select them and click Edit > Copy).

C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe

- Go back to KillBox. Click File > Paste from clipboard. Click the All Files button.

- Click the X button. Answer No to the question.

@@@@@@@@@@@@@@@@@@@@@@@@@@

With HijackThis, select the following entries and then click Fix Checked:

O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)

O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxmk142YYPT

=============================================

Post a new HijackThis log.

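A triage pass over the kind of HijackThis entries selected for Fix Checked above, as an added example that is not part of the original posts and is not HijackThis's own logic. The three rules (orphaned `(no file)` registrations, Run entries launched from profile data folders, context-menu items that point at a remote URL) are assumed heuristics, and the names `triage`, `Finding` and `SAMPLE_LOG` are hypothetical.

```python
import re
from typing import List, NamedTuple

# Entries copied from the first HijackThis log in this thread (trimmed excerpt).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [bat Wave Base Dale] C:\Documents and Settings\All Users\Application Data\Link Axis Bat Wave\THE SAVE.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk142YYPT
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a manual look
    line: str    # the log line as posted


# "<code> - <body>": R0-R3, F0-F3, N1-N4 and O1-O24 are the section codes.
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns look like "HKLM\..\Run: [value name] command line".
AUTORUN = re.compile(r"^[^:\[]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Assumed heuristic: profile data and temp folders (long and 8.3 short names)
# are writable without admin rights, so autoruns living there are worth a look.
PROFILE_DIR = re.compile(
    r"\\(application data|applic~\d|local settings|locals~\d|temp)\\", re.I
)
# Assumed heuristic: an O8 context-menu item whose handler is an http(s) URL.
REMOTE_TARGET = re.compile(r" - (https?://\S+)$")
# Sections whose entries name a COM component that should exist on disk.
ORPHAN_CODES = {"R3", "O2", "O3", "O9"}


def triage(log_text: str) -> List[Finding]:
    """Return the entries to review by hand; a hit is a lead, not a verdict."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process path or blank line
        code, body = m["code"], m["body"]
        if code in ORPHAN_CODES and body.endswith("(no file)"):
            findings.append(
                Finding(code, "registered component with no file on disk", line)
            )
        elif code == "O4":
            run = AUTORUN.match(body)
            if run and PROFILE_DIR.search(run["cmd"]):
                findings.append(
                    Finding(code, "autorun launched from a profile data folder", line)
                )
        elif code == "O8" and REMOTE_TARGET.search(body):
            findings.append(
                Finding(code, "context-menu item served from a remote URL", line)
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {f.reason}\n     {f.line}")
```
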

Here is the log:

Logfile of HijackThis v1.99.1

Scan saved at 23:04:00, on 03-01-2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Programas\Ahead\InCD\InCDsrv.exe

C:\Programas\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

C:\Programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE

C:\Programas\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\MYSECR~1\MSFMON.exe

C:\Programas\Logitech\Video\LogiTray.exe

C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\USB Disk Win98 Driver\Res.EXE

C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\PROGRA~1\MESSEN~1\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\LVComS.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\MSN Messenger\msnmsgr.exe

C:\Programas\MSN Messenger\usnsvc.exe

C:\Documents and Settings\Nuno Santos\Os meus documentos\*****\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar3.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programas\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programas\MegauploadToolbar\megauploadtoolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar3.dll

O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programas\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programas\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programas\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [uSB Storage Toolbox] C:\Programas\USB Disk Win98 Driver\Res.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{9908C95D-6DCB-47D4-821F-1C9DC2B09AA9}: NameServer = 195.23.129.126,194.79.69.222

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Programas\Ficheiros comuns\Autodata Limited Shared\Service\ADCDLicSvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programas\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programas\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programas\Sygate\SPF\smc.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe


Download VundoFix

* Double-click VundoFix.exe to start it;

* When VundoFix opens, click Scan for Vundo. Wait for the scan to finish, which may take some time. Be patient;

* When the scan is finished, click Remove Vundo;

* You will get an alert asking whether you want to remove the files. Click YES. Your desktop will go blank (this is normal);

* To complete the scan you will need to restart the machine. Click OK;

* Then post the VundoFix log (C:\vundofix.txt) in your next reply.


There were no files to remove in VundoFix

(no files were found,vundo fix V6.7.7 will now close)

========================================================================

VundoFix V6.7.7

Checking Java version...

Sun Java not detected

Scan started at 18:16:02 04-01-2008

Listing files found while scanning....

No infected files were found.

Beginning removal...


Thanks a lot, cheers :)
